No Phishing: Multilayered Defense Best Way to Keep Fraudsters Empty-Handed

Digital fraud is a constant menace for businesses and individuals, with merchants around the globe expecting to lose more than $20 billion to fraud in 2021 alone. Phishing is a particularly dangerous threat, resulting in data breaches that cost businesses an average of $4.24 million per incident. In the past year, nearly 75% of businesses fell victim to phishing attacks.

Merchants are deploying several defensive measures to keep phishing at bay. One of the best ways to protect companies is rigorous training for employees, including identifying suspicious emails, enabling multifactor authentication and never giving usernames, passwords or other information to anyone who asks for it. This training can be augmented by technological solutions such as browser extensions that access databases of known fraudulent websites and block employee access.

In the October edition of the “Digital Fraud Tracker®,” PYMNTS explores the latest in the world of fraud prevention, including the latest phishing tactics leveraged by bad actors to steal funds and data, the countermeasures that merchants are deploying to protect themselves and their customers, and other fraud threats such as impersonation schemes and social engineering.

Developments From the Digital Fraud Space

Businesses in the United Kingdom are also facing massive waves of phishing attacks. A survey found that 73% of businesses in the U.K. suffered data breaches due to phishing in the past year, with bad actors tricking employees into forfeiting login data that the fraudsters then used to breach corporate systems. Data breaches also stemmed from other attack vectors, with 74% of businesses saying that employees broke data security rules and allowed company data to be leaked.

Phishing is not the only fraud technique running rampant in Europe. The U.K., for instance, saw 96.6 million pounds (about $132 million) lost to fraudsters impersonating police officers, while 53.7 million pounds (about $73.8 million) was lost to other types of impersonation scams, including an incident where a fraud ring impersonated Royal Mail workers to scam customers. After the U.K., the most affected countries were Ireland, Denmark, France and Luxembourg.

Businesses are deploying several different defenses to keep these fraud threats at bay. A survey found that one-third of financial institutions (FIs) have accelerated their artificial intelligence (AI) and machine learning (ML) programs, for example, as the ongoing pandemic leaves new digital entry points for bad actors. Anti-money laundering (AML) is a particular focus for these programs, with 57% of these FIs saying they have added AI and ML to their AML programs or are planning to do so within the next 12 to 18 months.

For more on these and other digital fraud news items, download this month’s Tracker.

Fighting Phishing Through Employee Training and Siloed Access

Phishing is a perennial threat to businesses of all types, and bad actors are growing increasingly sophisticated in their techniques with social media scraping and automated attempts. No single defensive layer is enough to counter the threat, but a combination of employee training and siloed access to corporate systems could go a long way.

In this month’s Feature Story, PYMNTS talked with Chuck Brooks, adjunct professor of cybersecurity risk management at Georgetown University, about why legacy methods of phishing recognition must be phased out in favor of identifying new phishing tells.

Deep Dive: The Dangers of Phishing and How Companies Can Fight It

Experiencing a data breach is one of the worst fears of any organization, with millions of dollars spent to contain the damage of private customer records and credentials leaked into cyberspace. Companies looking to reduce the risk of a breach are working to stop its most common cause: phishing.

In this month’s Deep Dive, PYMNTS explores how fraudsters deploy phishing schemes to gain access to employee login credentials and how these fraudsters can be stopped through vigilant employee training and fraud prevention software.

About the Tracker

The PYMNTS “Digital Fraud Tracker®,” done in collaboration with and supported by PayPal, is your go-to monthly resource for updates on trends and changes in digital fraud prevention.

Treasury Secretary: DOGE Has Found $50 Billion in Savings 

Treasury Department

The U.S. Treasury Secretary says a new government cost-cutting effort has found $50 billion in savings.

Speaking to Fox News Tuesday (Feb. 18) evening, Scott Bessent said the work by the “Department of Government Efficiency” (DOGE), a group created by executive order last month, could ultimately lead to “several percent of GDP that we are saving.”

The secretary added that the public doesn’t “have to be concerned about any of this,” in reference to attempts by the Elon Musk-connected team to access taxpayer data, leading Democratic lawmakers to raise concerns about privacy.

At the Internal Revenue Service, Bessent said, there’s one member of the DOGE team “looking at an outdated IT system, that’s all they’re doing.”

Bessent said two people at Treasury had “read only access” to the payments systems, meaning they don’t have the ability to make any changes.  “There are very strict guardrails around them,” he said.

The $50 billion figure is slightly lower than the $55 billion in savings DOGE claims to have found so far. However, a report from Bloomberg News Wednesday (Feb. 19) notes that while DOGE says it has saved $55 billion, its website accounts for just $16.6 billion.

That site also includes an error, the report added, mislabeling an $8 million contract as $8 billion, reducing the amount of the group’s itemized savings by nearly half.

DOGE’s efforts have helped bring about hundreds of thousands of government layoffs, some of which have been rescinded as departments realized they were missing crucial workers. 

For example, the mass firings led to the dismissal of a team in the U.S. Department of Agriculture working on the government’s response to the avian flu. The department has said it is now trying to reverse the firings.

In another incident last week, the National Nuclear Security Administration rescinded firings for employees responsible for monitoring the nation’s nuclear stockpile, only to discover it had no way of getting in touch with said employees.

The idea for DOGE was first floated last year, with President Donald Trump announcing that Musk would lead the project. However, the administration has since said that Musk was an advisor to the White House, and not in charge of the department.

In a recent interview with PYMNTS CEO Karen Webster, Amias Gerety, a Treasury official for the Obama administration, warned of the consequences if DOGE’s efforts to access payment systems created uncertainty.

“If there’s one phrase that dominates discussions about the Treasury’s role in the nation’s finances, it’s ‘full faith and credit,’” Gerety said.

“The full faith and credit of the U.S. government should not be impeached. It’s literally in the [Constitution]. If you’re a bank, if you’re an investor, if you’re a government contractor, if you’re a retiree receiving Social Security — you have to ask, will my payments go through? That uncertainty should be felt around the world.”